x-forward-for implementation

jbartoldus · ‎01-22-2014

How is the ACE supposed to implement x-forward-for? For http request headers where there is an existing x-forward-for header, the ACE should be appending to existing header. Instead, the ACE is adding a second x-forward-for header in the same http request. This is causing issues with backend servers that are parsing the headers.

ACE 30 module running A4(2.3) code.

Kanwaljeet Singh · ‎01-22-2014

Hi,

The ACE inserts x-forwarded-for header and not append to an already existing one. By the way why do you want to insert another one when you already have it?

Also, the option i see is only available for insert and not append. Not sure if there is any way either we can do it. May you can let only Ace insert ip port etc.

Regards,
Kanwal

Sent from Cisco Technical Support iPhone App

jbartoldus · ‎01-22-2014

The standard is for proxy devices to append the last source IP address to the list of existing addresses. So, the value of the X-Forward-For field would be client ip, proxy 1, proxy2, ... The true client IP address would be the first left-most IP address that is not an RFC 1918 address.

Kanwaljeet Singh · ‎01-23-2014

Hi,

In this case i would suggest to contact your account team to raise an enhancement request but with ACE platform being discontnued i am not sure they would be investing time bringing in new features.

Regards,

Kanwal